Marius Burkard
2016-05-23 9376d70f0ccba49ead95ef47f0ecba568ea2d6e1
32d8e9 1 <?php
T 2
3 /*
4 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5 All rights reserved.
6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 class installer_dist extends installer_base {
    // Defaults to 'mailman'. Presumably the system group used for Mailman files;
    // it is not referenced by the methods visible in this part of the class - TODO confirm against installer_base.
    protected $mailman_group = 'mailman';
60b700 33     
MC 34     public function __construct() {
35         //** check apache modules */
36         $mods = getapachemodules();
37         if(in_array('authz_compat', $mods, true)) {
38             swriteln($inst->lng('    WARNING! You are using mod_authz_compat.'));
39             swriteln($inst->lng('    Please make sure that your apache config uses the new auth syntax:'));
40             swriteln($inst->lng('    <Directory />'));
41             swriteln($inst->lng('    Options None'));
42             swriteln($inst->lng('    AllowOverride None'));
43             swriteln($inst->lng('    Require all denied'));
44             swriteln($inst->lng('    </Directory>'."\n"));
45             
46             swriteln($inst->lng('    If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
47         }
526b99 48     }
b1a6a5 49
32d8e9 50     function configure_postfix($options = '')
b1a6a5 51     {
b51c22 52         global $conf,$autoinstall;
32d8e9 53         $cf = $conf['postfix'];
T 54         $config_dir = $cf['config_dir'];
b1a6a5 55
32d8e9 56         if(!is_dir($config_dir)){
b1a6a5 57             $this->error("The postfix configuration directory '$config_dir' does not exist.");
MC 58         }
59
32d8e9 60         //* mysql-virtual_domains.cf
b1a6a5 61         $this->process_postfix_config('mysql-virtual_domains.cf');
32d8e9 62
T 63         //* mysql-virtual_forwardings.cf
b1a6a5 64         $this->process_postfix_config('mysql-virtual_forwardings.cf');
32d8e9 65
T 66         //* mysql-virtual_mailboxes.cf
b1a6a5 67         $this->process_postfix_config('mysql-virtual_mailboxes.cf');
32d8e9 68
T 69         //* mysql-virtual_email2email.cf
b1a6a5 70         $this->process_postfix_config('mysql-virtual_email2email.cf');
32d8e9 71
T 72         //* mysql-virtual_transports.cf
b1a6a5 73         $this->process_postfix_config('mysql-virtual_transports.cf');
32d8e9 74
T 75         //* mysql-virtual_recipient.cf
b1a6a5 76         $this->process_postfix_config('mysql-virtual_recipient.cf');
32d8e9 77
T 78         //* mysql-virtual_sender.cf
b1a6a5 79         $this->process_postfix_config('mysql-virtual_sender.cf');
32d8e9 80
03b633 81         //* mysql-virtual_sender_login_maps.cf
D 82         $this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
83         
32d8e9 84         //* mysql-virtual_client.cf
b1a6a5 85         $this->process_postfix_config('mysql-virtual_client.cf');
MC 86
32d8e9 87         //* mysql-virtual_relaydomains.cf
b1a6a5 88         $this->process_postfix_config('mysql-virtual_relaydomains.cf');
MC 89
429dcf 90         //* mysql-virtual_relayrecipientmaps.cf
b1a6a5 91         $this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
32d8e9 92
75722e 93         //* mysql-virtual_policy_greylist.cf
D 94         $this->process_postfix_config('mysql-virtual_policy_greylist.cf');
95
b1a6a5 96         //* postfix-dkim
MC 97         $full_file_name=$config_dir.'/tag_as_originating.re';
98         if(is_file($full_file_name)) {
99             copy($full_file_name, $config_dir.$configfile.'~');
100         }
101         wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
ec5716 102
b1a6a5 103         $full_file_name=$config_dir.'/tag_as_foreign.re';
MC 104         if(is_file($full_file_name)) {
105             copy($full_file_name, $config_dir.$configfile.'~');
106         }
107         wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
ec5716 108
32d8e9 109         //* Changing mode and group of the new created config files.
T 110         caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
b1a6a5 111             __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
MC 112         caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
113             __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
114
1ca823 115         if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']);
b1a6a5 116
32d8e9 117         //* Creating virtual mail user and group
fdb514 118         if(is_group($cf['vmail_groupname'])) {
T 119             $command = 'groupmod -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
120             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
121         } else {
122             $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
123             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
124         }
b1a6a5 125
fdb514 126         if(is_user($cf['vmail_username'])) {
T 127             $command = 'usermod -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' -d '.$cf['vmail_mailbox_base'].' -s /bin/bash '.$cf['vmail_username'];
128             caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
129         } else {
130             $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
131             caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
8f898a 132         }
b1a6a5 133
d2e848 134         if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
b1a6a5 135
b67344 136         //* These postconf commands will be executed on installation and update
2af58c 137         $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
7b47c0 138         $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
T 139         unset($server_ini_rec);
140
141         //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
142         $rbl_list = '';
143         if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
b1a6a5 144             $rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
7b47c0 145             foreach ($rbl_hosts as $key => $value) {
T 146                 $rbl_list .= ", reject_rbl_client ". $value;
147             }
148         }
149         unset($rbl_hosts);
b1a6a5 150
75722e 151         //* If Postgrey is installed, configure it
D 152         $greylisting = '';
153         if($conf['postgrey']['installed'] == true) {
20f478 154             $greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
75722e 155         }
D 156         
20f478 157         $reject_sender_login_mismatch = '';
D 158         if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
159             $reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
160         }
161         unset($server_ini_array);
162         
b1a6a5 163         $postconf_placeholders = array('{config_dir}' => $config_dir,
MC 164             '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
165             '{vmail_userid}' => $cf['vmail_userid'],
166             '{vmail_groupid}' => $cf['vmail_groupid'],
75722e 167             '{rbl_list}' => $rbl_list,
D 168             '{greylisting}' => $greylisting,
20f478 169             '{reject_slm}' => $reject_sender_login_mismatch,
75722e 170         );
20f478 171         
b1a6a5 172         $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
MC 173         $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
174         $postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
175
b67344 176         //* These postconf commands will be executed on installation only
T 177         if($this->is_update == false) {
b1a6a5 178             $postconf_commands = array_merge($postconf_commands, array(
MC 179                     'myhostname = '.$conf['hostname'],
180                     'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
181                     'mynetworks = 127.0.0.0/8 [::1]/128'
182                 ));
b67344 183         }
b1a6a5 184
32d8e9 185         //* Create the header and body check files
T 186         touch($config_dir.'/header_checks');
187         touch($config_dir.'/mime_header_checks');
188         touch($config_dir.'/nested_header_checks');
189         touch($config_dir.'/body_checks');
b1a6a5 190
3f478f 191         //* Create the mailman files
T 192         if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
193         if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
194         exec('postalias /var/lib/mailman/data/aliases');
195         if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
196         exec('postmap /var/lib/mailman/data/virtual-mailman');
197         if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
198         exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
b1a6a5 199
616ad0 200         //* Create auxillary postfix conf files
FS 201         $configfile = 'helo_access';
202         if(is_file($config_dir.'/'.$configfile)) {
203             copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
204             chmod($config_dir.'/'.$configfile.'~', 0400);
205         }
206         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
207         $content = strtr($content, $postconf_placeholders);
208         # todo: look up this server's ip addrs and loop through each
209         # todo: look up domains hosted on this server and loop through each
210         wf($config_dir.'/'.$configfile, $content);
211
212         $configfile = 'blacklist_helo';
213         if(is_file($config_dir.'/'.$configfile)) {
214             copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
215             chmod($config_dir.'/'.$configfile.'~', 0400);
216         }
217         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
218         $content = strtr($content, $postconf_placeholders);
219         wf($config_dir.'/'.$configfile, $content);
220
32d8e9 221         //* Make a backup copy of the main.cf file
T 222         copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
b1a6a5 223
32d8e9 224         //* Executing the postconf commands
T 225         foreach($postconf_commands as $cmd) {
226             $command = "postconf -e '$cmd'";
227             caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
228         }
b1a6a5 229
MC 230         if(!stristr($options, 'dont-create-certs')) {
32d8e9 231             //* Create the SSL certificate
b04e82 232             if(AUTOINSTALL){
TB 233                 $command = 'cd '.$config_dir.'; '
234                     ."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
235             } else {
236                 $command = 'cd '.$config_dir.'; '
237                     .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
238             }
32d8e9 239             exec($command);
b1a6a5 240
32d8e9 241             $command = 'chmod o= '.$config_dir.'/smtpd.key';
T 242             caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
243         }
b1a6a5 244
32d8e9 245         //** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
T 246         $command = 'chmod 755  /var/run/authdaemon.courier-imap';
247         caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
b1a6a5 248
bd5d26 249         //* Check maildrop service in posfix master.cf
FS 250         $regex = "/^maildrop   unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/";
32d8e9 251         $configfile = $config_dir.'/master.cf';
9c6782 252         if($this->get_postfix_service('maildrop', 'unix')) {
ea30e1 253             exec ("postconf -M maildrop.unix &> /dev/null", $out, $ret);
bd5d26 254             $change_maildrop_flags = @(preg_match($regex, $out[0]) && $out[0] !='')?false:true;
9c6782 255         } else {
bd5d26 256             $change_maildrop_flags = @(preg_match($regex, $configfile))?false:true;
FS 257         }
258         if ($change_maildrop_flags) {
259             //* Change maildrop service in posfix master.cf
260             if(is_file($config_dir.'/master.cf')) {
261                 copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
262             }
263             if(is_file($config_dir.'/master.cf~')) {
264                 chmod($config_dir.'/master.cf~', 0400);
265             }
266             $configfile = $config_dir.'/master.cf';
267             $content = rf($configfile);
268             $content =    str_replace('  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
269                         'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}',
270                         $content);
271             $content =    str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
272                         'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}',
273                         $content);
274         }
fdb514 275         // enable tlsmanager
b1a6a5 276         $content = str_replace('#tlsmgr    unix  -       -       n       1000?   1       tlsmgr', 'tlsmgr    unix  -       -       n       1000?   1       tlsmgr', $content);
32d8e9 277         wf($configfile, $content);
b1a6a5 278
32d8e9 279         //* Writing the Maildrop mailfilter file
T 280         $configfile = 'mailfilter';
281         if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
b1a6a5 282             copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
MC 283         }
615a0a 284         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9 285         $content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
T 286         wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
b1a6a5 287
32d8e9 288         //* Create the directory for the custom mailfilters
T 289         $command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
290         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 291
32d8e9 292         //* Chmod and chown the .mailfilter file
T 293         $command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
294         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 295
32d8e9 296         $command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
T 297         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 298
32d8e9 299     }
b1a6a5 300
32d8e9 301     public function configure_saslauthd() {
T 302         global $conf;
b1a6a5 303
32d8e9 304         // Edit the file /etc/init.d/saslauthd
T 305         $configfile = $conf["init_scripts"].'/'.$conf["saslauthd"]["init_script"];
306         $content = rf($configfile);
b1a6a5 307         $content = str_replace('/sbin/startproc $AUTHD_BIN -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', '/sbin/startproc $AUTHD_BIN -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', $content);
MC 308         $content = str_replace('/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', '/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', $content);
309
310
311         if(is_file($configfile)) wf($configfile, $content);
312
32d8e9 313     }
b1a6a5 314
32d8e9 315     public function configure_pam()
b1a6a5 316     {
32d8e9 317         global $conf;
T 318         $pam = $conf['pam'];
319         //* configure pam for SMTP authentication agains the ispconfig database
320         $configfile = 'pamd_smtp';
321         if(is_file("$pam/smtp"))    copy("$pam/smtp", "$pam/smtp~");
322         if(is_file("$pam/smtp~"))   exec("chmod 400 $pam/smtp~");
323
615a0a 324         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9 325         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 326         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
327         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
328         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
329         wf("$pam/smtp", $content);
03bff7 330         // On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
T 331         if(is_file("$pam/smtp"))    exec("chmod o= $pam/smtp");
32d8e9 332     }
b1a6a5 333
32d8e9 334     public function configure_courier()
b1a6a5 335     {
32d8e9 336         global $conf;
T 337         $config_dir = $conf['courier']['config_dir'];
338         //* authmysqlrc
339         $configfile = 'authmysqlrc';
340         if(is_file("$config_dir/$configfile")){
b1a6a5 341             copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC 342         }
32d8e9 343         exec("chmod 400 $config_dir/$configfile~");
615a0a 344         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
b1a6a5 345         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 346         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
347         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
348         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 349         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
32d8e9 350         wf("$config_dir/$configfile", $content);
b1a6a5 351
32d8e9 352         exec("chmod 660 $config_dir/$configfile");
T 353         exec("chown root:root $config_dir/$configfile");
b1a6a5 354
32d8e9 355         //* authdaemonrc
T 356         $configfile = $conf['courier']['config_dir'].'/authdaemonrc';
357         if(is_file($configfile)){
b1a6a5 358             copy($configfile, $configfile.'~');
MC 359         }
32d8e9 360         if(is_file($configfile.'~')){
b1a6a5 361             exec('chmod 400 '.$configfile.'~');
MC 362         }
32d8e9 363         $content = rf($configfile);
T 364         $content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
365         wf($configfile, $content);
366     }
b1a6a5 367
fdb514 368     public function configure_dovecot()
b1a6a5 369     {
fdb514 370         global $conf;
b1a6a5 371
a8aad2 372         $virtual_transport = 'dovecot';
8b23f8 373
FS 374         $configure_lmtp = false;
a8aad2 375         
DM 376         // check if virtual_transport must be changed
377         if ($this->is_update) {
2af58c 378             $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
a8aad2 379             $ini_array = ini_to_array(stripslashes($tmp['config']));
DM 380             // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
381             
382             if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
383                 $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
8b23f8 384                 $configure_lmtp = true;
a8aad2 385             }
DM 386         }
387
bd5d26 388         $config_dir = $conf['postfix']['config_dir'];
9c6782 389
fdb514 390         //* Configure master.cf and add a line for deliver
9c6782 391         if(!$this->get_postfix_service('dovecot', 'unix')) {
bd5d26 392             //* backup
FS 393             if(is_file($config_dir.'/master.cf')){
394                 copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
395             }
396             if(is_file($config_dir.'/master.cf~')){
397                 chmod($config_dir.'/master.cf~2', 0400);
398             }
399             //* Configure master.cf and add a line for deliver
400             $content = rf($conf["postfix"]["config_dir"].'/master.cf');
9c6782 401             $deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
b1a6a5 402             af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
bd5d26 403             unset($content);
FS 404             unset($deliver_content);
fdb514 405         }
b1a6a5 406
fdb514 407         //* Reconfigure postfix to use dovecot authentication
T 408         // Adding the amavisd commands to the postfix configuration
409         $postconf_commands = array (
410             'dovecot_destination_recipient_limit = 1',
a8aad2 411             'virtual_transport = '.$virtual_transport,
fdb514 412             'smtpd_sasl_type = dovecot',
T 413             'smtpd_sasl_path = private/auth',
414         );
b1a6a5 415
fdb514 416         // Make a backup copy of the main.cf file
b1a6a5 417         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');
MC 418
fdb514 419         // Executing the postconf commands
T 420         foreach($postconf_commands as $cmd) {
421             $command = "postconf -e '$cmd'";
422             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
423         }
bd5d26 424
FS 425         $config_dir = $conf['dovecot']['config_dir'];
b1a6a5 426
31e0d1 427         //* backup dovecot.conf
fdb514 428         $configfile = 'dovecot.conf';
T 429         if(is_file("$config_dir/$configfile")){
b1a6a5 430             copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC 431         }
432
31e0d1 433         //* Get the dovecot version
b1a6a5 434         exec('dovecot --version', $tmp);
MC 435         $parts = explode('.', trim($tmp[0]));
31e0d1 436         $dovecot_version = $parts[0];
T 437         unset($tmp);
438         unset($parts);
b1a6a5 439
31e0d1 440         //* Copy dovecot configuration file
T 441         if($dovecot_version == 2) {
b1a6a5 442             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot2.conf.master')) {
MC 443                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot2.conf.master', $config_dir.'/'.$configfile);
444             } else {
445                 copy('tpl/opensuse_dovecot2.conf.master', $config_dir.'/'.$configfile);
446             }
31e0d1 447         } else {
b1a6a5 448             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master')) {
MC 449                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master', $config_dir.'/'.$configfile);
450             } else {
451                 copy('tpl/opensuse_dovecot.conf.master', $config_dir.'/'.$configfile);
452             }
31e0d1 453         }
b1a6a5 454
8b23f8 455         //* dovecot-lmtpd
FS 456         if($configure_lmtp) {
457             replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
458         }
459
fdb514 460         //* dovecot-sql.conf
T 461         $configfile = 'dovecot-sql.conf';
462         if(is_file("$config_dir/$configfile")){
b1a6a5 463             copy("$config_dir/$configfile", "$config_dir/$configfile~");
b67344 464             exec("chmod 400 $config_dir/$configfile~");
b1a6a5 465         }
MC 466
615a0a 467         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot-sql.conf.master', "tpl/opensuse_dovecot-sql.conf.master");
b1a6a5 468         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 469         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
470         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
471         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 472         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
032b86 473         $content = str_replace('{server_id}', $conf['server_id'], $content);
fdb514 474         wf("$config_dir/$configfile", $content);
b1a6a5 475
fdb514 476         exec("chmod 600 $config_dir/$configfile");
T 477         exec("chown root:root $config_dir/$configfile");
5e7306 478         
TB 479         // Dovecot shall ignore mounts in website directory
f9d95c 480         if(is_installed('doveadm')) exec("doveadm mount add '/srv/www/*' ignore > /dev/null 2> /dev/null");
fdb514 481
T 482     }
b1a6a5 483
32d8e9 484     public function configure_amavis() {
T 485         global $conf;
b1a6a5 486
32d8e9 487         // amavisd user config file
T 488         $configfile = 'opensuse_amavisd_conf';
b1a6a5 489         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) @copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
32d8e9 490         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
615a0a 491         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
b1a6a5 492         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 493         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
494         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
495         $content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
496         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
223c56 497         $content = str_replace('{hostname}', $conf['hostname'], $content);
b1a6a5 498         wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
c83951 499         chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
b1a6a5 500
MC 501
32d8e9 502         // Adding the amavisd commands to the postfix configuration
T 503         $postconf_commands = array (
504             'content_filter = amavis:[127.0.0.1]:10024',
505             'receive_override_options = no_address_mappings'
506         );
b1a6a5 507
32d8e9 508         // Make a backup copy of the main.cf file
b1a6a5 509         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');
MC 510
32d8e9 511         // Executing the postconf commands
T 512         foreach($postconf_commands as $cmd) {
513             $command = "postconf -e '$cmd'";
514             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
515         }
b1a6a5 516
bd5d26 517         $config_dir = $conf['postfix']['config_dir'];
FS 518
519         // Adding amavis-services to the master.cf file if the service does not already exists
9c6782 520         $add_amavis = !$this->get_postfix_service('amavis','unix');
FS 521         $add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
522         $add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
bd5d26 523
FS 524         if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
525             //* backup master.cf
526             if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
527             // adjust amavis-config
528             if($add_amavis) {
529                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
530                 af($config_dir.'/master.cf', $content);
531                 unset($content);
532             }
533             if ($add_amavis_10025) {
534                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
535                 af($config_dir.'/master.cf', $content);
536                 unset($content);
537             }
538             if ($add_amavis_10027) {
539                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
540                 af($config_dir.'/master.cf', $content);
541                 unset($content);
542             }
8100f2 543         }
b1a6a5 544
32d8e9 545         // Add the clamav user to the vscan group
5edf40 546         //exec('groupmod --add-user clamav vscan');
TB 547         $command = 'usermod -a -G clamav vscan';
548         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 549
MC 550
32d8e9 551     }
b1a6a5 552
/**
 * SpamAssassin setup hook; performs no action in this distribution class.
 *
 * The Debian/Ubuntu step that backed up /etc/default/spamassassin and
 * switched ENABLED=0 to ENABLED=1 is kept below as a reference comment
 * only and is never executed.
 *
 * @return void
 */
public function configure_spamassassin()
{
    global $conf;

    // Disabled "enable spamassassin" step (Debian and Ubuntu):
    //
    //   $configfile = '/etc/default/spamassassin';
    //   if(is_file($configfile)){
    //       copy($configfile, $configfile.'~');
    //   }
    //   $content = rf($configfile);
    //   $content = str_replace('ENABLED=0', 'ENABLED=1', $content);
    //   wf($configfile, $content);
}
b1a6a5 568
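/**
 * Prepare the getmail configuration directory and the system user that owns it.
 *
 * Creates $conf['getmail']['config_dir'] when it is missing, adds a "getmail"
 * user with that directory as its home when is_user() reports none, then
 * hands the whole tree to that user and sets it to mode 700.
 *
 * @return void
 */
public function configure_getmail()
{
    global $conf;

    $config_dir = $conf['getmail']['config_dir'];

    // Hand the directory to the shell as one quoted argument. escapeshellcmd()
    // only backslash-escapes metacharacters (whitespace still splits the
    // path), and the useradd/chown/chmod lines used the raw value, so the
    // configured path could change which command line was executed.
    $config_dir_arg = escapeshellarg($config_dir);

    if(!is_dir($config_dir)) exec('mkdir -p '.$config_dir_arg);

    $command = 'useradd -d '.$config_dir_arg.' getmail';
    if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = 'chown -R getmail '.$config_dir_arg;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    // Owner-only access for everything below the directory.
    $command = 'chmod -R 700 '.$config_dir_arg;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}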
b1a6a5 586
MC 587
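/**
 * Write the pure-ftpd MySQL authentication file and install pure-ftpd.conf.
 *
 * db/mysql.conf is rendered from the pureftpd_mysql.conf.master template
 * (a copy under conf-custom/install is passed to rfsel() ahead of tpl/) with
 * the ISPConfig database user, password, database name, server IP and
 * server id substituted. An existing file is first copied to a "~" backup.
 * Afterwards the opensuse_pureftpd_conf.master template is copied to
 * pure-ftpd.conf, again preferring a conf-custom copy when one exists.
 *
 * @return void
 */
public function configure_pureftpd()
{
    global $conf;

    $config_dir = $conf['pureftpd']['config_dir'];

    //* MySQL authentication settings for pure-ftpd; the rendered file holds the database password
    $configfile = 'db/mysql.conf';
    $target = "$config_dir/$configfile";
    $backup = $target.'~';

    // Create the backup and the new file owner-only from the first byte.
    // Tightening permissions only after the write leaves a window in which
    // the password is readable under the default umask.
    // NOTE(review): assumes wf() creates the file in this process - confirm.
    $previous_umask = umask(0077);

    if(is_file($target)){
        copy($target, $backup);
    }
    if(is_file($backup)){
        chmod($backup, 0400);
    }

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
    $content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
    $content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
    $content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
    $content = str_replace('{server_id}', $conf["server_id"], $content);
    wf($target, $content);

    umask($previous_umask);

    // Native calls instead of exec("chmod ..."/"chown ...") so the configured
    // path never passes through a shell. The explicit chmod still matters
    // when the file already existed with wider permissions.
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');

    // copy our customized copy of pureftpd.conf to the pure-ftpd config directory
    $custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_pureftpd_conf.master';
    $template = is_file($custom_template) ? $custom_template : 'tpl/opensuse_pureftpd_conf.master';
    exec('cp '.escapeshellarg($template).' '.escapeshellarg("$config_dir/pure-ftpd.conf"));
}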
b1a6a5 620
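/**
 * Render mydns.conf from its template and lock it down to root.
 *
 * An existing mydns.conf is copied to a "~" backup, then the file is
 * rebuilt from mydns.conf.master (a copy under conf-custom/install is passed
 * to rfsel() ahead of tpl/) with the ISPConfig database user, password,
 * database name, host, port and the server id substituted.
 *
 * @return void
 */
public function configure_mydns()
{
    global $conf;

    // configure mydns
    $configfile = 'mydns.conf';
    $target = $conf["mydns"]["config_dir"].'/'.$configfile;
    $backup = $target.'~';

    // The rendered file carries the database password, so both it and the
    // backup are created owner-only instead of being tightened after the
    // write, which left them readable under the default umask for a moment.
    // NOTE(review): assumes wf() creates the file in this process - confirm.
    $previous_umask = umask(0077);

    if(is_file($target)) copy($target, $backup);
    if(is_file($backup)) chmod($backup, 0400);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
    $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
    $content = str_replace('{server_id}', $conf["server_id"], $content);
    wf($target, $content);

    umask($previous_umask);

    // Native calls replace exec('chmod ...') / exec('chown ...'), which
    // concatenated the configured directory into a shell command line.
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');
}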
b1a6a5 641
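/**
 * Prepare Apache for ISPConfig-managed vhosts.
 *
 * Returns immediately when $conf['apache']['installed'] is false. Otherwise
 * it creates the vhost log directory, enables mod_logio, adjusts
 * /etc/suphp.conf, creates the sites-available/enabled directories, makes
 * httpd.conf include /etc/apache2/sites-enabled/, renders ispconfig.conf
 * from the apache_ispconfig.conf.master template with the IP/port pairs
 * read from the server_ip table, links it as 000-ispconfig.conf, switches
 * webalizer to incremental mode, adds the sshusers group and prepares the
 * PHP-FPM pool directory and php.ini.
 *
 * Every value taken from $conf that reaches exec() is quoted with
 * escapeshellarg(); the original concatenated those paths unquoted.
 *
 * @return void
 */
public function configure_apache()
{
    global $conf;

    if($conf['apache']['installed'] == false) return;

    //* Create the logging directory for the vhost logfiles
    exec('mkdir -p /var/log/ispconfig/httpd');

    //* enable apache logio module
    exec('a2enmod logio');

    // NOTE(review): the last replaceLine() call loosens the umask line in
    // /etc/suphp.conf from 0077 to 0022 - confirm that is intended for the
    // hosted sites.
    replaceLine('/etc/suphp.conf', 'php=php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
    replaceLine('/etc/suphp.conf', 'php="php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
    replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/srv/www', 0, 0);
    replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);

    // Provide the php5 name that the suPHP handler above points at.
    if(!file_exists('/srv/www/cgi-bin/php5') && file_exists('/srv/www/cgi-bin/php')) {
        symlink('/srv/www/cgi-bin/php', '/srv/www/cgi-bin/php5');
    }

    // Sites enabled and available dirs
    $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
    $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
    exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
    exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

    $content = rf('/etc/apache2/httpd.conf');
    if(!stristr($content, 'Include /etc/apache2/sites-enabled/')) {
        af('/etc/apache2/httpd.conf', "\n<Directory /srv/www>\n    Options +FollowSymlinks\n</Directory>\n\nInclude /etc/apache2/sites-enabled/\n\n");
    }
    unset($content);

    //* Copy the ISPConfig configuration include
    $tpl = new tpl('apache_ispconfig.conf.master');
    $tpl->setVar('apache_version',getapacheversion());

    $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
    $ip_addresses = array();

    if(is_array($records) && count($records) > 0) {
        foreach($records as $rec) {
            // IPv6 addresses are wrapped in brackets before they reach the template.
            if($rec['ip_type'] == 'IPv6') {
                $ip_address = '['.$rec['ip_address'].']';
            } else {
                $ip_address = $rec['ip_address'];
            }
            $ports = explode(',', $rec['virtualhost_port']);
            if(is_array($ports)) {
                foreach($ports as $port) {
                    // Only integer ports in 1..65535 are written to the template.
                    $port = intval($port);
                    if($port > 0 && $port < 65536 && $ip_address != '') {
                        $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
                    }
                }
            }
        }
    }

    // The loop name is a runtime key and is kept exactly as the template expects it.
    if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

    wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
    unset($tpl);

    if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
        exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        exec('mkdir /etc/webalizer');
        exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    // create PHP-FPM pool dir (the path is read from the nginx section of $conf)
    exec('mkdir -p '.escapeshellarg($conf['nginx']['php_fpm_pool_dir']));

    $content = rf('/etc/php5/fpm/php-fpm.conf');
    if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
        af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
    }
    unset($content);

    // Seed the FPM php.ini from the first existing php.ini, in this order.
    $php_fpm_ini_path = $conf['nginx']['php_fpm_ini_path'];
    if(!@is_file($php_fpm_ini_path)){
        $ini_candidates = array('/etc/php5/cli/php.ini', '/etc/php5/fastcgi/php.ini', '/etc/php5/apache2/php.ini');
        foreach($ini_candidates as $ini_candidate){
            if(@is_file($ini_candidate)){
                exec('cp -f '.$ini_candidate.' '.escapeshellarg($php_fpm_ini_path));
                break;
            }
        }
    }
}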
b1a6a5 748
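/**
 * Prepare nginx and PHP-FPM for ISPConfig-managed vhosts.
 *
 * Returns immediately when $conf['nginx']['installed'] is false. Otherwise
 * it creates the vhost log directory and the sites-available/enabled
 * directories, adds the sites-enabled include to /etc/nginx/nginx.conf,
 * prepares the PHP-FPM pool directory and php.ini, switches webalizer to
 * incremental mode, links the awstats static-page script and adds the
 * sshusers group.
 *
 * Changes against the original: $conf values passed to exec() are quoted
 * with escapeshellarg(), and nginx.conf is rewritten only when its last
 * character really is the closing brace that the new include is placed
 * in front of.
 *
 * @return void
 */
public function configure_nginx(){
    global $conf;

    if($conf['nginx']['installed'] == false) return;

    //* Create the logging directory for the vhost logfiles
    if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);

    // Sites enabled and available dirs
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

    $content = rf('/etc/nginx/nginx.conf');
    if(stripos($content, 'include /etc/nginx/sites-enabled/*.vhost;') === false){
        $content = trim($content);
        if(substr($content, -1) === '}'){
            // Re-open the final block, append the include and close it again.
            $content = substr($content, 0, -1)."\n    include /etc/nginx/sites-enabled/*.vhost;\n}";
            wf('/etc/nginx/nginx.conf', $content);
        } else {
            // An empty or unexpectedly shaped file used to lose its last
            // character and gain a stray "}"; leave it untouched and say so.
            trigger_error('/etc/nginx/nginx.conf does not end with "}"; sites-enabled include was not added', E_USER_WARNING);
        }
    }
    unset($content);

    // create PHP-FPM pool dir
    exec('mkdir -p '.escapeshellarg($conf['nginx']['php_fpm_pool_dir']));

    $content = rf('/etc/php5/fpm/php-fpm.conf');
    if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
        af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
    }
    unset($content);

    // Seed the FPM php.ini from the first existing php.ini, in this order.
    $php_fpm_ini_path = $conf['nginx']['php_fpm_ini_path'];
    if(!@is_file($php_fpm_ini_path)){
        $ini_candidates = array('/etc/php5/cli/php.ini', '/etc/php5/fastcgi/php.ini', '/etc/php5/apache2/php.ini');
        foreach($ini_candidates as $ini_candidate){
            if(@is_file($ini_candidate)){
                exec('cp -f '.$ini_candidate.' '.escapeshellarg($php_fpm_ini_path));
                break;
            }
        }
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        mkdir('/etc/webalizer');
        symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    // Check the awstats script
    if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
    if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
    if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}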
b1a6a5 808
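/**
 * Install the Bastille firewall configuration and helper scripts.
 *
 * Moves an existing /etc/Bastille to /etc/Bastille.backup, recreates the
 * directory, restores firewall.d from the backup, copies the
 * bastille-firewall.cfg template (a conf-custom copy is preferred) and
 * fills in the public TCP/UDP port lists from this server's row in the
 * firewall table, falling back to a built-in list when the row has none.
 * Then it installs the init script and the ipchains/netfilter helpers and
 * links ipchains/iptables into /sbin when they are only found elsewhere.
 *
 * Fixes against the original:
 *  - mkdir() received octdec() of a variable that is never defined in this
 *    method, i.e. mode 0; an explicit owner-only mode is used instead.
 *  - "which ipchains" output was used as a symlink target without trim(),
 *    so the target ended in a newline (the iptables branch already trimmed).
 *  - The vhost port was looked up as a substring of the port list, so
 *    "80" counted as present when only "8080" was listed.
 *  - The UPDATE appended the port with "+", which MySQL evaluates as
 *    numeric addition; CONCAT() is used instead.
 *  - A missing firewall row is no longer indexed as an array.
 *  - Paths taken from $conf are quoted before they reach the shell.
 *
 * @return void
 */
public function configure_bastille_firewall()
{
    global $conf;

    $dist_init_scripts = $conf['init_scripts'];
    $init_script = $dist_init_scripts.'/bastille-firewall';

    if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
    if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
    @mkdir("/etc/Bastille", 0700);
    if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);

    $custom_cfg = $conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master';
    if(is_file($custom_cfg)) {
        caselog("cp -f ".escapeshellarg($custom_cfg)." /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    } else {
        caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    }
    caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    $content = rf("/etc/Bastille/bastille-firewall.cfg");
    $content = str_replace("{DNS_SERVERS}", "", $content);

    $tcp_public_services = '';
    $udp_public_services = '';

    $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
    $row_tcp_ports = (is_array($row) && isset($row['tcp_port'])) ? trim($row['tcp_port']) : '';
    $row_udp_ports = (is_array($row) && isset($row['udp_port'])) ? trim($row['udp_port']) : '';

    if($row_tcp_ports != '' || $row_udp_ports != ''){
        // The table stores comma separated ports; the config file wants spaces.
        $tcp_public_services = trim(str_replace(',', ' ', $row_tcp_ports));
        $udp_public_services = trim(str_replace(',', ' ', $row_udp_ports));
    } else {
        // NOTE(review): this fallback also opens 3306 and 10000 to the
        // public side - confirm both are meant to be reachable by default.
        $tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
        $udp_public_services = '53';
    }

    // Compare whole port tokens, not substrings of the list.
    $vhost_port = intval($conf['apache']['vhost_port']);
    $open_tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
    if($vhost_port > 0 && !in_array((string)$vhost_port, $open_tcp_ports, true)) {
        $tcp_public_services .= ' '.$vhost_port;
        if($row_tcp_ports != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . $vhost_port, $conf['server_id']);
    }

    $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
    $content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

    wf("/etc/Bastille/bastille-firewall.cfg", $content);

    // Keep a copy of a previously installed init script, then install ours owner-only.
    if(is_file($init_script)) caselog("mv -f ".escapeshellarg($init_script)." ".escapeshellarg($init_script.'.backup'), __FILE__, __LINE__);
    caselog("cp -f apps/bastille-firewall ".escapeshellarg($dist_init_scripts), __FILE__, __LINE__);
    caselog("chmod 700 ".escapeshellarg($init_script), __FILE__, __LINE__);

    if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);

    if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);

    if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

    // Link the packet filter tools into /sbin when "which" finds them elsewhere.
    exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
    if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which ipchains")), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
    unset($ipchains_location);
    exec("which iptables &> /dev/null", $iptables_location, $ret_val);
    if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
    unset($iptables_location);
}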
4ae2a0 872
32d8e9 873     public function install_ispconfig()
b1a6a5 874     {
32d8e9 875         global $conf;
b1a6a5 876
32d8e9 877         $install_dir = $conf['ispconfig_install_dir'];
T 878
879         //* Create the ISPConfig installation directory
880         if(!@is_dir("$install_dir")) {
881             $command = "mkdir $install_dir";
882             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
883         }
b1a6a5 884
32d8e9 885         //* Create a ISPConfig user and group
T 886         $command = 'groupadd ispconfig';
887         if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 888
32d8e9 889         $command = "useradd -g ispconfig -d $install_dir ispconfig";
T 890         if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 891
32d8e9 892         //* copy the ISPConfig interface part
T 893         $command = "cp -rf ../interface $install_dir";
894         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 895
32d8e9 896         //* copy the ISPConfig server part
T 897         $command = "cp -rf ../server $install_dir";
898         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2 899         
fb6c56 900         //* Make a backup of the security settings
TB 901         if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
902         
a13af2 903         //* copy the ISPConfig security part
TB 904         $command = 'cp -rf ../security '.$install_dir;
905         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56 906         
TB 907         //* Apply changed security_settings.ini values to new security_settings.ini file
908         if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
909             $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
910             $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
911             if(is_array($security_settings_new) && is_array($security_settings_old)) {
912                 foreach($security_settings_new as $section => $sval) {
913                     if(is_array($sval)) {
914                         foreach($sval as $key => $val) {
915                             if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
916                                 $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
917                             }
918                         }
919                     }
920                 }
921                 file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
922             }
923         }
b1a6a5 924
32d8e9 925         //* Create a symlink, so ISPConfig is accessible via web
T 926         // Replaced by a separate vhost definition for port 8080
927         // $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
928         // caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 929
32d8e9 930         //* Create the config file for ISPConfig interface
T 931         $configfile = 'config.inc.php';
932         if(is_file($install_dir.'/interface/lib/'.$configfile)){
b1a6a5 933             copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC 934         }
615a0a 935         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9 936         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 937         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
938         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
939         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 940         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 941
32d8e9 942         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T 943         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
944         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
945         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 946         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 947
32d8e9 948         $content = str_replace('{server_id}', $conf['server_id'], $content);
T 949         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6 950         $content = str_replace('{language}', $conf['language'], $content);
8cf78b 951         $content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8 952         $content = str_replace('{theme}', $conf['theme'], $content);
992797 953         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
b1a6a5 954
MC 955         wf("$install_dir/interface/lib/$configfile", $content);
956
957         //* Create the config file for ISPConfig server
958         $configfile = 'config.inc.php';
959         if(is_file($install_dir.'/server/lib/'.$configfile)){
960             copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
961         }
962         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
963         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
964         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
965         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
966         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 967         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 968
MC 969         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
970         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
971         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
972         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 973         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 974
MC 975         $content = str_replace('{server_id}', $conf['server_id'], $content);
976         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
977         $content = str_replace('{language}', $conf['language'], $content);
978         $content = str_replace('{timezone}', $conf['timezone'], $content);
979         $content = str_replace('{theme}', $conf['theme'], $content);
980         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
981
32d8e9 982         wf("$install_dir/server/lib/$configfile", $content);
b1a6a5 983
fb3a98 984         //* Create the config file for remote-actions (but only, if it does not exist, because
T 985         //  the value is a autoinc-value and so changed by the remoteaction_core_module
986         if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
987             $content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
988             wf($install_dir.'/server/lib/remote_action.inc.php', $content);
989         }
b1a6a5 990
32d8e9 991         //* Enable the server modules and plugins.
T 992         // TODO: Implement a selector which modules and plugins shall be enabled.
993         $dir = $install_dir.'/server/mods-available/';
994         if (is_dir($dir)) {
995             if ($dh = opendir($dir)) {
996                 while (($file = readdir($dh)) !== false) {
b1a6a5 997                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 998                         include_once $install_dir.'/server/mods-available/'.$file;
999                         $module_name = substr($file, 0, -8);
32d8e9 1000                         $tmp = new $module_name;
T 1001                         if($tmp->onInstall()) {
1002                             if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
1003                             if (strpos($file, '_core_module') !== false) {
1004                                 if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
1005                             }
1006                         }
1007                         unset($tmp);
1008                     }
1009                 }
1010                 closedir($dh);
1011             }
1012         }
b1a6a5 1013
32d8e9 1014         $dir = $install_dir.'/server/plugins-available/';
T 1015         if (is_dir($dir)) {
1016             if ($dh = opendir($dir)) {
1017                 while (($file = readdir($dh)) !== false) {
1bd269 1018                     if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F 1019                     if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
b1a6a5 1020                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 1021                         include_once $install_dir.'/server/plugins-available/'.$file;
1022                         $plugin_name = substr($file, 0, -8);
32d8e9 1023                         $tmp = new $plugin_name;
T 1024                         if($tmp->onInstall()) {
1025                             if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
1026                             if (strpos($file, '_core_plugin') !== false) {
1027                                 if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
1028                             }
1029                         }
1030                         unset($tmp);
1031                     }
1032                 }
1033                 closedir($dh);
1034             }
1035         }
b1a6a5 1036
32d8e9 1037         // Update the server config
T 1038         $mail_server_enabled = ($conf['services']['mail'])?1:0;
1039         $web_server_enabled = ($conf['services']['web'])?1:0;
1040         $dns_server_enabled = ($conf['services']['dns'])?1:0;
1041         $file_server_enabled = ($conf['services']['file'])?1:0;
1042         $db_server_enabled = ($conf['services']['db'])?1:0;
1043         $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
2af58c 1044         $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
b1a6a5 1045
a6e3ae 1046         $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
32d8e9 1047         if($conf['mysql']['master_slave_setup'] == 'y') {
a6e3ae 1048             $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
32d8e9 1049         }
b1a6a5 1050
3e0fc8 1051         // chown install dir to root and chmod 755
TB 1052         $command = 'chown root:root '.$install_dir;
1053         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1054         $command = 'chmod 755 '.$install_dir;
32d8e9 1055         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T 1056
fa029b 1057         //* Chmod the files and directories in the install dir
3e0fc8 1058         $command = 'chmod -R 750 '.$install_dir.'/*';
TB 1059         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1060
1061         //* chown the interface files to the ispconfig user and group
1062         $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
1063         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1064         
1065         //* chown the server files to the root user and group
1066         $command = 'chown -R root:root '.$install_dir.'/server';
32d8e9 1067         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b 1068         
TB 1069         //* chown the security files to the root user and group
1070         $command = 'chown -R root:root '.$install_dir.'/security';
1071         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1072         
1073         //* chown the security directory and security_settings.ini to root:ispconfig
1074         $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
1075         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1076         $command = 'chown root:ispconfig '.$install_dir.'/security';
1077         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221 1078         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB 1079         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1080         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
1081         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1082         $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
32d8e9 1083         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1084
32d8e9 1085         //* Make the global language file directory group writable
T 1086         exec("chmod -R 770 $install_dir/interface/lib/lang");
b1a6a5 1087
32d8e9 1088         //* Make the temp directory for language file exports writable
T 1089         exec("chmod -R 770 $install_dir/interface/web/temp");
b1a6a5 1090
32d8e9 1091         //* Make all interface language file directories group writable
T 1092         $handle = @opendir($install_dir.'/interface/web');
b1a6a5 1093         while ($file = @readdir($handle)) {
MC 1094             if ($file != '.' && $file != '..') {
1095                 if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
32d8e9 1096                     $handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
b1a6a5 1097                     chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC 1098                     while ($lang_file = @readdir($handle2)) {
32d8e9 1099                         if ($lang_file != '.' && $lang_file != '..') {
b1a6a5 1100                             chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
32d8e9 1101                         }
T 1102                     }
1103                 }
1104             }
1105         }
b1a6a5 1106
477d4e 1107         //* Make the APS directories group writable
T 1108         exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
1109         exec("chmod -R 770 $install_dir/server/aps_packages");
b1a6a5 1110
32d8e9 1111         //* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef 1112         chmod($install_dir.'/server/lib/config.inc.php', 0600);
T 1113         chown($install_dir.'/server/lib/config.inc.php', 'root');
1114         chgrp($install_dir.'/server/lib/config.inc.php', 'root');
b1a6a5 1115
bfcdef 1116         //* Make sure that the interface config file is readable by user ispconfig only
T 1117         chmod($install_dir.'/interface/lib/config.inc.php', 0600);
1118         chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
1119         chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
b1a6a5 1120
32d8e9 1121         if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T 1122             exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
1123             exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
1124         }
980485 1125         
TB 1126         if(is_dir($install_dir.'/interface/invoices')) {
1127             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
1128             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
1129         }
1130         
1131         exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
b1a6a5 1132
32d8e9 1133         // TODO: FIXME: This adds the www-data user to the ispconfig group. It is just for testing
T 1134         // and must be fixed, as it allows the apache user to read the ispconfig files.
1135         // Later this must run as its own apache server or via suexec!
63b369 1136         if($conf['apache']['installed'] == true){
5edf40 1137             $command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
63b369 1138             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1139             if(is_group('ispapps')){
5edf40 1140                 $command = 'usermod -a -G ispapps '.$conf['apache']['user'];
272aec 1141                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F 1142             }
63b369 1143         }
F 1144         if($conf['nginx']['installed'] == true){
223c56 1145             $command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
63b369 1146             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1147             if(is_group('ispapps')){
5edf40 1148                 $command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
272aec 1149                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F 1150             }
5c93f0 1151             // add nobody user to www group, as the default php-fpm pool from opensuse runs as nobody
TB 1152             $command = 'usermod -a -G www nobody';
1153             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
63b369 1154         }
b1a6a5 1155
32d8e9 1156         //* Make the shell scripts executable
T 1157         $command = "chmod +x $install_dir/server/scripts/*.sh";
1158         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1159
7e1cfb 1160         if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1161             //* Copy the ISPConfig vhost for the controlpanel
F 1162             // TODO: These are missing! should they be "vhost_dist_*_dir" ?
1163             $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
1164             $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
b1a6a5 1165
MC 1166
1bd269 1167             // Don't just copy over the virtualhost template but add some custom settings
ccbf14 1168             $tpl = new tpl('apache_ispconfig.vhost.master');
TB 1169             $tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
b1a6a5 1170
1bd269 1171             // comment out the listen directive if port is 80 or 443
F 1172             if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14 1173                 $tpl->setVar('vhost_port_listen','#');
1bd269 1174             } else {
ccbf14 1175                 $tpl->setVar('vhost_port_listen','');
1bd269 1176             }
b1a6a5 1177
ccbf14 1178             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB 1179                 $tpl->setVar('ssl_comment','');
1bd269 1180             } else {
ccbf14 1181                 $tpl->setVar('ssl_comment','#');
1bd269 1182             }
10b4c8 1183             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14 1184                 $tpl->setVar('ssl_bundle_comment','');
10b4c8 1185             } else {
ccbf14 1186                 $tpl->setVar('ssl_bundle_comment','#');
10b4c8 1187             }
ccbf14 1188             
TB 1189             $tpl->setVar('apache_version',getapacheversion());
b1a6a5 1190
8c9637 1191             $content = $tpl->grab();
MS 1192             $content = str_replace('/var/www/', '/srv/www/', $content);
1193             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1194
cc6568 1195             //if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
b1a6a5 1196             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
MC 1197             $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
1198             $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
1199             exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
1200             wf('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
1201             exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1202             exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
1203             exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
1204
cc6568 1205             //}
b1a6a5 1206
1bd269 1207             //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F 1208             //* and create the symlink
7e1cfb 1209             if($this->is_update == false) {
1bd269 1210                 if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
F 1211                 if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
1212                     exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
1213                 }
b1a6a5 1214
1bd269 1215             }
b1a6a5 1216
1bd269 1217             // Fix a setting in vhost master file for suse
b1a6a5 1218             replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master', "suPHP_UserGroup", "        suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>", 0);
1bd269 1219         }
F 1220
7e1cfb 1221         if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1222             //* Copy the ISPConfig vhost for the controlpanel
F 1223             $vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
1224             $vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
1225
1226             // Don't just copy over the virtualhost template but add some custom settings
615a0a 1227             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269 1228             $content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
b1a6a5 1229
1bd269 1230             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8 1231                 $content = str_replace('{ssl_on}', ' on', $content);
1bd269 1232                 $content = str_replace('{ssl_comment}', '', $content);
F 1233                 $content = str_replace('{fastcgi_ssl}', 'on', $content);
1234             } else {
10b4c8 1235                 $content = str_replace('{ssl_on}', ' off', $content);
1bd269 1236                 $content = str_replace('{ssl_comment}', '#', $content);
F 1237                 $content = str_replace('{fastcgi_ssl}', 'off', $content);
32d8e9 1238             }
b1a6a5 1239
ca0b77 1240             $socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
b1a6a5 1241             if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77 1242             if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F 1243             $fpm_socket = $socket_dir.'ispconfig.sock';
b1a6a5 1244
ca0b77 1245             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1246             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1247
F 1248             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1249
1bd269 1250             unset($content);
b1a6a5 1251
1bd269 1252             // PHP-FPM
F 1253             // Don't just copy over the php-fpm pool template but add some custom settings
615a0a 1254             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269 1255             $content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77 1256             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1257             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1258             $content = str_replace('{fpm_user}', 'ispconfig', $content);
F 1259             $content = str_replace('{fpm_group}', 'ispconfig', $content);
1260             wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
1261
1262             //copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
1263             //* and create the symlink
7e1cfb 1264             if($this->is_update == false) {
1bd269 1265                 if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F 1266                 if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
b1a6a5 1267                     symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269 1268                 }
F 1269             }
b1a6a5 1270
9aec3d 1271             // create symlinks from /usr/share to phpMyAdmin and SquirrelMail, if they are installed
b1a6a5 1272             if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/srv/www/htdocs/phpMyAdmin')) symlink('/srv/www/htdocs/phpMyAdmin/', '/usr/share/phpmyadmin');
MC 1273             if(!@file_exists('/usr/share/squirrelmail') && @is_dir('/srv/www/htdocs/squirrelmail')) symlink('/srv/www/htdocs/squirrelmail/', '/usr/share/squirrelmail');
32d8e9 1274         }
b1a6a5 1275
32d8e9 1276         // Make the Clamav log files readable by ISPConfig
T 1277         //exec('chmod +r /var/log/clamav/clamav.log');
1278         //exec('chmod +r /var/log/clamav/freshclam.log');
b1a6a5 1279
32d8e9 1280         //* Install the update script
b34f99 1281         if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC 1282         exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
1283         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
32d8e9 1284         exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T 1285         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
1286         exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
1287         exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99 1288         if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
32d8e9 1289         if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
b1a6a5 1290
32d8e9 1291         //set the fast cgi starter script to executable
T 1292         //exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
b1a6a5 1293
32d8e9 1294         //* Make the logs readable for the ispconfig user
T 1295         if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
1296         if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
1297         if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
1298         if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
b1a6a5 1299
32d8e9 1300         //To enable apache to read the directories
T 1301         exec('chmod a+rx /usr/local/ispconfig');
1302         exec('chmod -R 751 /usr/local/ispconfig/interface');
1303         exec('chmod a+rx /usr/local/ispconfig/interface/web');
b1a6a5 1304
32d8e9 1305         //* Create the ispconfig log directory
e38d14 1306         if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J 1307         if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
b1a6a5 1308
0c5b42 1309         if(is_user('getmail')) {
T 1310             exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
1311             exec('chown getmail /usr/local/bin/run-getmail.sh');
1312             exec('chmod 744 /usr/local/bin/run-getmail.sh');
1313         }
b1a6a5 1314
8cf78b 1315         if(is_dir($install_dir.'/interface/invoices')) {
e94a9f 1316             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T 1317             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806 1318         }
b1a6a5 1319
0799f8 1320         //* Create the ispconfig auth log file and set uid/gid
T 1321         if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
1322             touch($conf['ispconfig_log_dir'].'/auth.log');
1323         }
1324         exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
1325         exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
b1a6a5 1326
d71bae 1327         //* Remove Domain module as its functions are available in the client module now
T 1328         if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec 1329         
TB 1330         // Add symlink for patch tool
1331         if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
c83951 1332         
TB 1333         // Change mode of a few files from amavisd
1334         if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
1335         if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
1336         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
1337         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
32d8e9 1338     }
T 1339 }
1340
e38d14 1341 ?>